In Need of a
IT Lawyer?
Ask For Legal Assistance
Our lawyers are specialists in Dutch law
Average Rating
0
Recommend Us
0
%
Response Time
0
+
Years Experience
0
+
Easily accessible
Law & More is available Monday to Friday from 08:00 to 22:00 and on weekends from 09:00 to 17:00
Fast communication
Our lawyers listen to your case and come up with an appropriate plan of action
Personal approach
Our working method ensures that 100% of our clients recommend us and that we are rated on average with a 9.4
IT Lawyer
Technology drives modern business — and with it comes a growing body of law that every company operating in the digital space must navigate. IT law (also referred to as ICT law or technology law) covers the full spectrum of legal issues that arise from the development, sale, use, and governance of digital products and services.
The Netherlands has one of Europe’s most advanced digital economies, home to a thriving technology sector in cities like Eindhoven, Amsterdam, and the Brainport region. Law & More’s IT lawyers have deep, hands-on expertise in the legal issues that matter most to technology companies, startups, scale-ups, and businesses that depend on IT — from contract disputes and software licensing to GDPR compliance and AI regulation.
Our IT legal services include:
- IT contracts: software, SaaS, cloud, and licensing agreements
- GDPR and data protection compliance
- Cybersecurity law and data breach response
- Software law and copyright protection
- AI and algorithm regulation
- E-commerce and webshop law (Webwinkelwet, consumer rights, distance selling)
- SaaS, cloud, and hosting agreements
- Open source software licensing
- IT procurement and outsourcing
- Source code escrow and business continuity arrangements
- Industrial and embedded software
- IT disputes, liability, and litigation
- Intellectual property in technology: patents, trade secrets, and trademarks
Our IT lawyers are ready for you
Corporate lawyert
Family Lawyer
Migration Lawyer
Criminal Lawyer
“Law & More lawyers are involved and can empathize with the client’s problem”
GDPR and Data Protection
Since its entry into force in May 2018, the General Data Protection Regulation (GDPR — in the Netherlands implemented as the AVG) has fundamentally changed how companies must handle personal data. Violations can lead to fines of up to €20 million or 4% of global annual turnover — whichever is higher. The Dutch Data Protection Authority (Autoriteit Persoonsgegevens) has become one of the most active supervisory authorities in Europe.
Whether you are a small webshop collecting customer data or a large enterprise processing millions of records, GDPR compliance is not optional. Law & More advises companies of all sizes on their data protection obligations.
We assist with:
- Conducting a GDPR gap analysis and compliance audit
- Drafting and reviewing privacy policies, cookie statements, and data processing agreements (verwerkersovereenkomsten)
- Advising on lawful bases for processing (consent, legitimate interest, contract)
- Data subject rights: access, deletion, portability, and objection
- Data Protection Impact Assessments (DPIAs)
- Appointing and advising Data Protection Officers (DPOs)
- Cross-border data transfers and Standard Contractual Clauses (SCCs)
- Responding to supervisory authority investigations
- Data breach notification procedures (within the 72-hour obligation)
- Employee monitoring and privacy in the workplace
Client Stories
What Our Clients Say
Our IT lawyers are ready to assist you:
- Direct contact with a lawyer
- Short lines and clear agreements
- Available for all your questions
- Refreshingly different. Focus on client
- Fast, efficient and result-oriented
Cybersecyrity and Information Protection
Cybersecurity is one of the fastest-growing areas of IT law. With cybercrime, ransomware attacks, and data breaches on the rise, companies face mounting legal obligations to protect their systems and the personal data they hold. At the same time, the regulatory landscape is rapidly expanding: beyond the GDPR, the EU’s NIS2 Directive (implemented in the Netherlands via the Cyberbeveiligingswet) now imposes mandatory security requirements and incident reporting obligations on a broad range of organisations.
Law & More advises companies on their legal cybersecurity obligations and helps them respond swiftly and effectively when incidents occur.
We help you with:
- Understanding your obligations under NIS2 and the Dutch Cyberbeveiligingswet
- Drafting and reviewing cybersecurity policies and incident response plans
- Legal requirements for information security measures (Article 32 GDPR)
- Liability following a data breach — towards regulators, customers, and business partners
- Hacking, computer fraud, and other cybercrime under Dutch criminal law (Article 138ab Wetboek van Strafrecht)
- Vendor and supplier security obligations in IT contracts
- Insurance advice in relation to cyber risks (cyber liability policies)
- Crisis management and communication after a security incident
- Whistleblower and internal reporting obligations under the Wet Huis voor Klokkenluiders
IT Contracts
In the digital economy, contracts are the foundation of every business relationship — yet IT contracts are frequently drafted poorly, misunderstood, or simply absent. A poorly drafted software agreement, SLA, or outsourcing contract can leave your company exposed to enormous liability, unplanned costs, or loss of critical data or IP.
Law & More’s IT lawyers draft, review, and negotiate technology contracts for clients across all industries, from early-stage startups to multinationals.
We draft and advise on:
- Software development and licensing agreements
- SaaS agreements and subscription contracts
- Cloud services agreements (IaaS, PaaS, SaaS)
- IT outsourcing and managed services agreements
- Service Level Agreements (SLAs) and penalty clauses
- Maintenance and support contracts
- Hardware procurement contracts
- Reseller and distribution agreements for software
- General terms and conditions (algemene voorwaarden) for IT companies
- Data processing agreements (DPAs/verwerkersovereenkomsten)
- Non-disclosure and confidentiality agreements (NDAs)
- Joint development and co-creation agreements
Common issues we resolve:
- Disputes over what was agreed to be delivered (scope creep and delivery failures)
- Unclear ownership of developed software or data
- Vendor lock-in and exit clauses
- Liability caps and exclusion clauses
- Change management procedures
Software Law and Intellectual Property
Software is protected by intellectual property law — primarily copyright under the Dutch Auteurswet — but also increasingly by trade secret law (Wet bescherming bedrijfsgeheimen), and sometimes by patents (octrooien) where novel technical processes are involved. Understanding who owns your software, and on what terms others may use it, is fundamental to protecting the value of your technology.
Key questions we answer for software developers and users:
- Who owns the copyright in software developed by employees or freelancers?
- What IP rights does your client obtain when you build custom software for them?
- How should software licenses be structured to protect your business model?
- Can your competitor copy your software’s functionality or UI?
- What constitutes infringement of a software copyright, and what remedies are available?
- How do you enforce your IP rights against piracy or unauthorised copying?
- What can you protect with a trade secret, and how?
We assist with:
- Structuring IP ownership in software development contracts (work-for-hire vs. licensing)
- Drafting end-user license agreements (EULAs) and developer agreements
- IP due diligence for investors and acquirers of technology companies
- Enforcement of copyright infringement through cease-and-desist letters or court proceedings
- Trade secret protection strategies and contractual safeguards
- Domain name disputes and brand protection online (UDRP proceedings)
Saas & Cloud
SaaS and cloud computing have become the standard delivery model for enterprise software. While the commercial advantages are clear, the legal risks are frequently underestimated — particularly around data sovereignty, GDPR compliance, vendor dependency, and service continuity.
As a SaaS provider or cloud user, your legal agreements must carefully address performance, liability, data ownership, and what happens if the provider goes bankrupt or terminates the service.
For SaaS and cloud providers, we advise on:
- Drafting subscription and SaaS agreements that protect your business
- Structuring fair and enforceable liability limitations
- GDPR-compliant data processing agreements with your customers
- Sub-processor management and supply chain obligations
- Uptime SLAs, credits, and penalty clauses
- Acceptable use policies and account termination procedures
For companies using SaaS or cloud services, we advise on:
- Reviewing and negotiating SaaS contracts with major providers
- Ensuring GDPR compliance, including sub-processor and data location requirements
- Negotiating exit clauses and data portability rights
- Business continuity and data recovery provisions
- Understanding your liability in case of a cloud provider outage
Business Continuity & Escrow
Business continuity is increasingly recognised as a legal obligation as much as a commercial priority — particularly under the NIS2 Directive and the Digital Operational Resilience Act (DORA) for financial services companies. Source code escrow is one of the most effective legal tools to ensure that critical software remains accessible even if your IT vendor ceases operations.
We advise on:
- Structuring and drafting source code escrow agreements (broncode-escrow)
- Selecting and working with independent escrow agents (SGD, Iron Mountain, etc.)
- Defining release conditions: what triggers access to the escrowed source code?
- Technology escrow for cloud and SaaS: data escrow and functional escrow solutions
- Business continuity obligations under NIS2, DORA, and financial sector regulations
- Disaster recovery and backup obligations in IT contracts
- Continuity planning for critical IT outsourcing arrangements
Webshop Law & E-commerce
Running an online store in the Netherlands means complying with a complex and evolving set of legal requirements — from Dutch consumer law and European e-commerce directives to GDPR, cookie regulations, and advertising rules. Non-compliance can result in significant fines from the ACM (Netherlands Authority for Consumers and Markets) or the Autoriteit Persoonsgegevens.
Law & More helps webshop owners and e-commerce businesses get their legal documentation right and stay compliant as the law evolves.
We assist with:
- Drafting and reviewing general terms and conditions (algemene voorwaarden) for webshops
- Meeting legal disclosure and information obligations under the Wet OHP and EU Consumer Rights Directive
- Implementing a legally compliant return and refund policy (herroepingsrecht — 14-day cooling-off period)
- Cookie consent and cookie banner compliance (Telecomwet, GDPR)
- Privacy policy and data processing documentation
- Payment service provider compliance (PSD2)
- Marketplace obligations under the EU Platform-to-Business (P2B) Regulation and Digital Services Act (DSA)
- Online advertising rules: endorsements, reviews, and influencer marketing
- Subscription service obligations: cancellation rights and auto-renewal rules
- Cross-border e-commerce: VAT obligations and distance selling rules within the EU
AI and Algorithm Regulation
Artificial intelligence is transforming every industry — and regulators are moving fast to keep pace. The EU AI Act (Verordening AI), which began phasing in from 2024, creates a comprehensive regulatory framework for AI systems that will affect companies that develop, deploy, or use AI tools in the European market. For businesses in the Netherlands, understanding your obligations under the AI Act is now an urgent legal priority.
Law & More advises technology companies, users of AI systems, and investors on the legal implications of AI and algorithmic decision-making.
We advise on:
- Classifying your AI system under the EU AI Act (prohibited, high-risk, limited-risk, or minimal risk)
- Compliance requirements for high-risk AI systems: documentation, testing, human oversight, and transparency
- Obligations for general-purpose AI model providers (GPAI — e.g. large language models)
- Algorithmic transparency and explainability obligations under GDPR (Article 22 — automated decision-making)
- Liability for AI-generated harm: contractual and tort law liability in the Netherlands
- AI in the workplace: employee monitoring, algorithmic management, and works council consultation (ondernemingsraad)
- AI and intellectual property: who owns AI-generated content?
- Procurement of AI tools: due diligence and contractual safeguards
- The EU Product Liability Directive (revised) and its impact on AI-enabled products
Industrial Software
Industrial and embedded software — the code running inside machines, vehicles, medical devices, and critical infrastructure — presents unique legal challenges that differ significantly from conventional software. The stakes are high: a defect in embedded software can cause physical harm, product recalls, and enormous liability.
The Brainport Eindhoven region, where Law & More is headquartered, is home to world-leading high-tech manufacturing companies such as ASML, Philips, and NXP. Our IT lawyers have specific experience with the legal issues that arise in the high-tech manufacturing and industrial software sector.
We advise on:
- IP ownership and protection of embedded software and firmware
- Product liability for software defects in physical products (revised EU Product Liability Directive)
- Certification and regulatory compliance for safety-critical software (IEC 61508, ISO 26262 for automotive)
- Medical device software under the EU MDR (Medical Device Regulation)
- Software development and licensing contracts in high-tech supply chains
- OEM and technology transfer agreements
- Software escrow for industrial control systems and critical infrastructure
- Export control compliance for dual-use software and technology
IT Disputes and Litigation
When IT projects go wrong — and they frequently do — the dispute resolution process can be just as technically complex as the underlying software system. IT disputes often involve large sums, highly technical subject matter, and disagreements that span multiple parties in a supply chain.
Law & More litigates IT disputes before the Dutch civil courts and in arbitration proceedings, and also has extensive experience with alternative dispute resolution (ADR) methods such as mediation, which is often faster and less costly than full court proceedings.
We represent clients in:
- Disputes about failed IT projects or software delivery (oplevering)
- Claims for damages following a data breach or cybersecurity incident
- Software copyright infringement proceedings
- Disputes about SLA performance and service credit claims
- IT outsourcing disputes and contract termination claims
- Domain name and online brand disputes (UDRP and WIPO procedures)
- Disputes with cloud and SaaS providers
- Procurement disputes (including government IT procurement)
- Emergency injunctions (kort geding) in IP and IT matters
IT Procurement & Outsourcing
Large-scale IT procurement and outsourcing arrangements — whether for private companies or government organisations — are among the most complex and highest-value contracts in the technology sector. Getting the structure, governance, and exit mechanisms right from the outset is critical to protecting your organisation’s long-term interests.
We advise buyers and suppliers on:
- IT outsourcing contracts and service transition arrangements
- Government IT procurement under the Aanbestedingswet and European procurement directives
- GIBIT (Government IT Purchasing Conditions) and ARBIT framework contracts
- Insourcing and backsourcing: legally managing an IT transition back in-house
- Multi-vendor and prime contractor arrangements
- Vendor management and governance frameworks
- Exit clauses, data portability, and knowledge transfer obligations
Frequently Asked Questions
An IT lawyer advises and litigates at the intersection of technology and law. This includes: software and IT contracts (licenses, SaaS, implementation), data protection and GDPR compliance, intellectual property (software copyright, trademarks), cybersecurity and data breaches, IT liability and disputes, e-commerce and online platforms, AI and emerging tech regulation, and cloud computing agreements. We advise tech companies, software suppliers, startups, and IT departments on legal issues surrounding digital technology.
We apply a transparent hourly rate of €295 excl. VAT. Costs vary per case.
If you process personal data you must: have lawful processing ground (consent, contract, legitimate interest), apply privacy by design, implement security measures, conclude processor agreements with suppliers, maintain processing register, publish privacy statement, facilitate data subject rights (access, deletion, correction), and report data breaches within 72 hours to Data Protection Authority. Fines up to €20 million or 4% global turnover are possible. We conduct compliance audits and implement appropriate measures.
A proper SaaS contract regulates: exact description of services and functionalities, SLAs (uptime, performance, response times), data location and security, intellectual property rights, pricing and indexation, term and termination conditions, liability limitations, exit strategy and data portability, compliance with GDPR and other regulations, and dispute resolution. Standard supplier terms & conditions are often very supplier-friendly. We negotiate balanced contracts that protect your interests.
Possibly, depending on contractual agreements and warranties. For custom software, usually a result obligation applies (software must meet specifications). For SaaS/standard software, often a best efforts obligation with limited liability. Damages can include: direct damage (repair costs), indirect damage (lost profits, reputational damage), and data losses. Limiting liability through terms & conditions is possible but not unlimited. We advise on risk management and drafting liability-limiting contracts.
Software is protected via copyright (automatic, no registration needed), but only the concrete code/expression, not the idea. Additional protection: trademark registration for names/logos, trade name rights, database rights for databases, patents for technical inventions (limited for software), confidentiality agreements with employees/partners, and license terms that regulate use. We advise on optimal IP strategy and draft protective agreements.
Upon suspected data breach: immediately start investigation into scope and risks, take measures to stop breach and limit damage, report to Data Protection Authority within 72 hours if there's risk for data subjects, inform affected persons in case of high risk, document incident and response, and implement structural measures. Not reporting or late reporting can lead to fines up to €10 million or 2% turnover. We guide data breach procedures and communicate with DPA.
Depends on the license. Permissive licenses (MIT, BSD, Apache) usually allow commercial use if copyright notices are retained. Copyleft licenses (GPL, AGPL) require derivative works to also be open source, which can be problematic for commercial software. LGPL and MPL are less restrictive. Violation of open source licenses can lead to liability and forced disclosure of your code. We analyze your software stack and advise on compliant use.
Yes, we advise on emerging tech regulation: EU AI Act compliance (risk categories, transparency obligations), algorithm discrimination and fairness, training data and copyright (generative AI), liability for AI decisions, automated decision making under GDPR, and contractual AI clauses (warranties, liability). As a Brainport firm we understand both the tech and legal complexity. We help tech companies navigate this new regulation.
Main risks: data location outside EU (GDPR compliance, Schrems II), vendor lock-in and data portability problems, unclear liability for outages, insufficient security measures, no adequate processor agreement, data loss or corruption, and dependency on sub-processors. We assess cloud contracts, negotiate SLAs and security requirements, and ensure GDPR-compliant processor agreements and data transfer mechanisms.
E-commerce platforms have duty of care but limited liability under hosting regime. Upon notification of unlawful content (fake reviews, counterfeits) they must remove (notice and takedown). DSA (Digital Services Act) requires platforms to provide transparency and moderation. You can: address platform holder for negligence, hold author of fake review liable (harder to identify), and enforce removal via court order. We litigate against platforms and help limit reputational damage.
Public IT procurement (governments, semi-public institutions) follows Procurement Act with strict procedures: European procurement (>€215,000 services), transparency and equal treatment, technical specifications without brand preference, award criteria (MEAT or price), objection periods (standstill period), and contract terms established upfront. Private procurement is freer but fair dealing remains important. We guide suppliers in tenders and clients in procurement procedures, and litigate against unlawful rejections.
Ready to Speak with a IT Lawyer?
Our IT law specialists have deep expertise and are ready to help. Schedule a consultation today.
